VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 405 of 549
  • CVE-2015-1257May 20, 2015
    risk 0.00cvss epss 0.02

    platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service…

  • CVE-2015-1252May 20, 2015
    risk 0.00cvss epss 0.02

    common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a…

  • CVE-2015-1845May 19, 2015
    risk 0.00cvss epss 0.06

    Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2014-9204May 17, 2015
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.

  • CVE-2015-2712May 14, 2015
    risk 0.00cvss epss 0.04

    The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary…

  • CVE-2015-2710May 14, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets…

  • CVE-2015-3078May 13, 2015
    risk 0.00cvss epss 0.05

    Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary…

  • CVE-2015-1681May 13, 2015
    risk 0.00cvss epss 0.02

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File…

  • CVE-2015-3633May 1, 2015
    risk 0.00cvss epss 0.03

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

  • CVE-2015-1863Apr 28, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

  • CVE-2015-3310Apr 24, 2015
    risk 0.00cvss epss 0.05

    Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

  • CVE-2015-1246Apr 19, 2015
    risk 0.00cvss epss 0.02

    Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2015-1240Apr 19, 2015
    risk 0.00cvss epss 0.01

    gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

  • CVE-2015-1238Apr 19, 2015
    risk 0.00cvss epss 0.02

    Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-0530Apr 17, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.

  • CVE-2015-1821Apr 16, 2015
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with…

  • CVE-2015-1898Apr 15, 2015
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897.

  • CVE-2015-1897Apr 15, 2015
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898.

  • CVE-2015-0907Apr 15, 2015
    risk 0.00cvss epss 0.03

    Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive.

  • CVE-2015-2831Apr 14, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable.